diff options
| author | Paul Pluzhnikov <ppluzhnikov@google.com> | 2015-02-06 00:30:42 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-02-16 05:26:49 -0500 |
| commit | 4d54424420c6300efbf57a7b9aa8635a8b8c1942 (patch) | |
| tree | b87845b3970fac459cae136a751a5c0e1f7816ca /ChangeLog | |
| parent | 1bf9d48aec087062e2a14b77cb5ee1fa81be334c (diff) | |
| download | glibc-4d54424420c6300efbf57a7b9aa8635a8b8c1942.tar.gz glibc-4d54424420c6300efbf57a7b9aa8635a8b8c1942.tar.xz glibc-4d54424420c6300efbf57a7b9aa8635a8b8c1942.zip | |
CVE-2015-1472: wscanf allocates too little memory
BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. (cherry picked from commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06) Conflicts: ChangeLog NEWS
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index a6461e6821..ccce486c9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2015-02-16 Paul Pluzhnikov <ppluzhnikov@google.com> + + [BZ #16618] + * stdio-common/tst-sscanf.c (main): Test for buffer overflow. + * stdio-common/vfscanf.c (_IO_vfscanf_internal): Compute needed + size in bytes. Store needed elements in wpmax. Use needed size + in bytes for extend_alloca. + 2015-02-16 H.J. Lu <hongjiu.lu@intel.com> [BZ #17801] |